Re: [Exim] My exim still not rejecting correctly..

Top Page
Delete this message
Reply to this message
Author: Edgar Lovecraft
Date:  
To: exim-users
Subject: Re: [Exim] My exim still not rejecting correctly..
Brian wrote:
>

..[snip]...
>
> It took me some time to understand what the callout was actually doing,
> but it looks like it actually tries to send a message to the sender in
> order to perform the check! What a great idea.. ;)


not exactly, in basic callout usage the sMTP transaction looks like this:
(simplified here slightly)

HELO fqdn-of-your-server
MAIL FROM:<> #NULL sender to keep from mail loops
RCPT TO:<sender-address-as-recieved-on-MAIL-FROM>
(check response)
QUIT

No message is sent; just up to the RCPT stage of the transaction.

> Anyway.. so I have this setup in my exim config for it to verify and
> what I think it's doing is probably what it's not doing :)
>
> require verify = sender/callout=use_sender,10s,defer_ok
> message = unrouteable sender domain


dont use 'use_sender' in a sender callout, that is for recipeint callout
checks and some what in question as to the stability of it as it is a new
feature to the recipient callout checks.

You would just need:
    require verify = sender/callout=10s,defer_ok


This means that your server will contact what it finds as the MX server
of the domain for the sender address, and check to see if that server will
recieve email for that sender address, the defer_ok just means to OK the
check rather than fail on 'temporary' connection problems, and the 10s just
means to take no more than 10 seconds to do the check (or connect to the
server, going by memory here and don't remember for sure).

> What I think this says is to require the sender to be verified; and to
> do that you can callout using the senders name, spend 10 seconds trying
> to do this, and if you can't, it's ok to defer the message.


No, look above, not OK to defer the message, but OK to not fail the check
shoud there some kind of tempory, non-permenant error while doing the
callout.

>

..[snip]...
>


You can also have it do a 'postmaster' and or 'random user name' checks
against the sender MX server, the former is to see if they accept messages
to the postmaster address, the later is just a cacheing mechenism to reduce
the number of callouts to domains that accept email for any address,
basically if they do, then why check for a specific individual...

--

--EAL--